# Contributor: Will Sinatra <wpsinatra@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libreswan
pkgver=4.12
pkgrel=0
pkgdesc="IPsec implementation for Linux"
url="https://libreswan.org/"
arch="all"
license="GPL-2.0-or-later"
depends="dnssec-root nss-tools iproute2 !strongswan"
provides="openswan=$pkgver-r$pkgrel"
options="!check" # no testsuite
makedepends="
	bash
	bison
	bsd-compat-headers
	coreutils
	curl-dev
	flex
	gmp-dev
	ldns-dev
	libcap-ng-dev
	linux-pam-dev
	nspr-dev
	nss-dev
	unbound-dev
	xmlto
	"
subpackages="$pkgname-doc $pkgname-openrc"
source="https://download.libreswan.org/libreswan-$pkgver.tar.gz
	initd-runscript.patch
	pam-rules.patch
	Makefile.inc.local
	"

# secfixes:
#   4.12-r0:
#     - CVE-2023-38710
#     - CVE-2023-38711
#     - CVE-2023-38712
#   4.6-r0:
#     - CVE-2022-23094
#   3.32-r0:
#     - CVE-2020-1763
#   3.29-r0:
#     - CVE-2019-10155
#   3.28-r0:
#     - CVE-2019-12312

build() {
	cp "$srcdir"/Makefile.inc.local "$builddir"
	make WERROR_CFLAGS="" \
		INITDIR_DEFAULT=/etc/init.d \
		PREFIX=/usr \
		FINALBINDIR=/usr/libexec/ipsec \
		FINALLIBEXECDIR=/usr/libexec/ipsec \
		programs
}

package() {
	make FINALMANDIR=share/man \
		INITDIR_DEFAULT=/etc/init.d \
		PREFIX=/usr \
		DESTDIR="$pkgdir" \
		INSTCONFFLAGS=-m644 \
		FINALBINDIR=/usr/libexec/ipsec \
		FINALLIBEXECDIR=/usr/libexec/ipsec \
		install
}

sha512sums="
3a7f5ea5d97da357a8979a8807694a316d42ccc5f9c7b5867041abf2b9316ff8428f24cf307b6b6073c191896c0417f137abf78f9903aecde5e1ee1182577ce0  libreswan-4.12.tar.gz
50bba031d0342695727f520840d3e3650bd9ffae918374f03b122573152d08399128e9fb04e6a52321801f3d5dc7c9eab96364ae581f3e673c947dc283e45c04  initd-runscript.patch
50ca2cdbb2007ce4fb883794110545d68d4dc31d70605a646e9980ef874cdb468eb5d661766fe15a11f6f1b42626c01c8f551c8799e550f0abeb5fd6a4b10119  pam-rules.patch
94bcde573fc320450864394f3824bfe23e6ac8528a7b0b8a7d97d02a3883b6f47951f8a89a2c46cc394c65c5b3f9788b644f7f911f90ac78540e6479715e0a11  Makefile.inc.local
"
